Merge pull request #8412 from projectdiscovery/princechaddha-patch-3

Fixing weak matchers

http/default-logins/franklin-fueling-default-login.yaml

@@ -1,7 +1,7 @@
 id: franklin-fueling-default-login
 
 info:
-  name: Franklin Fueling System Default Login - Detect
+  name: Franklin Fueling System - Default Login
   author: r3Y3r53
   severity: high
   description: |
@@ -31,11 +31,13 @@ http:
         - roleGuest
       password:
         - admin
+
     cookie-reuse: true
     matchers:
       - type: dsl
         dsl:
           - 'status_code == 200'
           - 'contains(content_type, "text/xml")'
+          - 'contains(body, "</TSA_RESPONSE_LIST>")'
           - 'contains(body, "roleAdmin") || contains(body, "roleUser") || contains(body, "roleGuest")'
         condition: and

http/vulnerabilities/other/taiwanese-travel-lfi.yaml

@@ -19,6 +19,7 @@ http:
     path:
       - "{{BaseURL}}/index.php?page=/etc/passwd"
 
+    matchers-condition: and
     matchers:
       - type: regex
         part: body

http/vulnerabilities/wordpress/wp-ellipsis-xss.yaml

@@ -22,10 +22,16 @@ http:
         GET /wp-content/plugins/ellipsis-human-presence-technology/inc/protected-forms-table.php?&page=%22%20%3E%3Cscript%3Ealert(document.location)%3C/script%3E HTTP/1.1
         Host: {{Hostname}}
 
+    matchers-condition: and
     matchers:
-      - type: dsl
+      - type: word
-        dsl:
+        part: body
-          - 'status_code == 200'
+        words:
-          - 'contains(content_type, "text/html")'
+          - '<script>alert(document.location)</script>'
-          - 'contains(body, "<script>alert(document.location)</script>") && contains(body, "protected-forms-table")'
+          - '<form id="protected-forms-table"'
         condition: and
+
+      - type: word
+        part: header
+        words:
+          - "text/html"